| 1342282
|
|
Deal with domains with a trailing period
|
WebExtensions
|
General
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1482368
|
|
same origin policy for file: URI and NTFS symlink and junction point
|
Core
|
Security: CAPS
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1570889
|
|
blob URLs and CSP sandbox'ed pages should inherit Cross-Origin-Opener-Policy
|
Core
|
DOM: File
|
echuang
|
NEW
|
---
|
2024-05-30
|
| 1289387
|
|
Follow up fixes to sendBeacon()'s request mode
|
Core
|
DOM: Networking
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1315203
|
|
XSHM: Cross Site History Manipulation (information leakage)
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-01-01
|
| 1335688
|
|
Cross-Site Printing (XSP) and CORS Spoofing
|
Core
|
Networking
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1398886
|
|
Partial SOP Bypass (All Browsers)
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 971598
|
|
[meta] Mitigate "Self-XSS" social engineering attacks
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1279126
|
|
Save hidden executable in users computer using 'Save Page As'
|
Firefox
|
File Handling
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1833876
|
|
Manipulation with Offscreen Canvas allows bypassing tainting restrictions
|
Core
|
Graphics: Canvas2D
|
aosmond
|
RESO
|
FIXE
|
2024-06-02
|
| 1634872
|
|
Leak of post-redirect url in error stacktrace when script loaded via importScripts in Web Workers
|
Core
|
DOM: Workers
|
bugmail
|
RESO
|
FIXE
|
2024-05-30
|
| 1497242
|
|
Continuously revealing of Cross-Origin URL (history navigation) is possible using performance.getEntriesByType() on Firefox for iOS
|
Firefox for iOS
|
General
|
fpatel
|
RESO
|
FIXE
|
2024-05-30
|
| 1631739
|
|
XSS from booby-trapped link on Firefox iOS Download Link Action
|
Firefox for iOS
|
General
|
gkeeley
|
RESO
|
FIXE
|
2024-05-30
|
| 1762078
|
|
ServiceWorker-added timing attacks to infer length or existence of cross-origin resources from no-cors media element requests
|
Core
|
DOM: Service Workers
|
jmarshall
|
RESO
|
FIXE
|
2023-06-12
|
| 1330769
|
|
ASLR leak via pointer scrambling in ShapeTable
|
Core
|
JavaScript Engine
|
jorendorff
|
RESO
|
FIXE
|
2017-08-28
|
| 158049
|
|
cross-domain variable detection with scopes (eval, with)
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
RESO
|
FIXE
|
2013-06-18
|
| 1433929
|
|
Remove forms when sanitizing HTML fragments for chrome-privileged documents
|
Core
|
DOM: Security
|
mail
|
RESO
|
FIXE
|
2018-08-28
|
| 1694903
|
|
Cross-Origin Restrictions Bypass with Blob and Fetch
|
Core
|
DOM: File
|
nobody
|
RESO
|
DUPL
|
2023-05-22
|
| 1659155
|
|
contextMenus.onClicked: info.srcUrl is the final URL (after redirects) instead of the <img src> value.
|
WebExtensions
|
General
|
rob
|
RESO
|
FIXE
|
2022-08-26
|
| 1735856
|
|
Securitypolicyviolation leaks cross-origin information into parent for frame-ancestors violations
|
Core
|
DOM: Security
|
rob
|
RESO
|
FIXE
|
2022-08-26
|
| 1416307
|
|
When RefreshURI gets called with a null principal, we end up using the page's referrer as a principal
|
Core
|
DOM: Navigation
|
smaug
|
RESO
|
FIXE
|
2018-08-28
|
| 1790311
|
|
Generic CORS bypass that enables Cross-Site-Tracing (XST)
|
Core
|
DOM: Networking
|
smayya
|
RESO
|
FIXE
|
2024-05-30
|
| 1305208
|
|
Background application can steal arbitrary web contents through reader-mode
|
Firefox for iOS
|
Reader View
|
thebnich+bmo
|
RESO
|
FIXE
|
2024-05-30
|
| 1419166
|
|
Cross-origin Shared Worker using data: url
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1405599
|
|
Audio capture can start under wrong origin
|
Core
|
WebRTC: Audio/Video
|
apehrson
|
RESO
|
FIXE
|
2018-11-05
|
| 1690976
|
|
MediaError message property can leak information about cross-origin media resource
|
Core
|
Audio/Video: Playbac
|
apehrson
|
RESO
|
FIXE
|
2021-11-22
|
| 1439879
|
|
navigations that redirect from a controlled scope to uncontrolled scope do not clear their controller in e10s mode
|
Core
|
DOM: Service Workers
|
ben
|
RESO
|
FIXE
|
2019-02-24
|
| 92773
|
|
calling custom getter/setter not subject to same-origin check
|
Core
|
Security
|
brendan
|
RESO
|
FIXE
|
2013-06-09
|
| 1367531
|
|
CSP frame-ancestors should not compare paths per CSP-3
|
Core
|
DOM: Security
|
ckerschb
|
RESO
|
FIXE
|
2024-05-30
|
| 1730935
|
|
Opportunistic Security for HTTP/2 opt-in checking partial bypass
|
Core
|
Networking: HTTP
|
dd.mozilla
|
RESO
|
FIXE
|
2024-05-04
|
| 86028
|
|
can redefine focus() and other allAccess functions at another domain
|
Core
|
Security: CAPS
|
dveditz
|
RESO
|
FIXE
|
2013-06-09
|
| 1738426
|
|
Allow opaque 206 responses into the cache
|
Core
|
DOM: Service Workers
|
echuang
|
RESO
|
FIXE
|
2024-04-28
|
| 90757
|
|
non-built-in DOM properties not subject to same-origin check
|
Core
|
Security: CAPS
|
jstenback+bmo
|
RESO
|
FIXE
|
2013-06-09
|
| 1762068
|
|
Mixing of cross-origin and ServiceWorker range responses with media element (cross-origin data leak)
|
Core
|
Audio/Video: Playbac
|
karlt
|
RESO
|
DUPL
|
2023-05-22
|
| 1420932
|
|
Write a test for bug 1419166
|
Core
|
DOM: Workers
|
nobody
|
RESO
|
DUPL
|
2020-08-08
|
| 1465448
|
|
Spectre mitigations for CodeGenerator::visitFunctionDispatch
|
Core
|
JavaScript Engine: J
|
nobody
|
RESO
|
FIXE
|
2021-11-22
|
| 1465450
|
|
Spectre mitigations for CodeGenerator::visitObjectGroupDispatch
|
Core
|
JavaScript Engine: J
|
nobody
|
RESO
|
FIXE
|
2021-11-22
|
| 1790345
|
|
CSP violation report can be made to leak cross origin information from embedded page (bypassing SOP)
|
Core
|
DOM: Security
|
tschuster
|
RESO
|
FIXE
|
2024-05-30
|
| 1491575
|
|
Cross-Origin URL Steal is possible using performance.getEntriesByType()
|
Core
|
DOM: Core & HTML
|
valentin.gosu
|
RESO
|
INVA
|
2020-01-09
|
| 1463507
|
|
Fetch may allow reading local files without restriction
|
Core
|
DOM: Security
|
dveditz
|
RESO
|
INVA
|
2020-01-09
|
| 1548773
|
|
Remove support for typemustmatch
|
Core
|
DOM: Core & HTML
|
fbraun
|
RESO
|
FIXE
|
2024-05-30
|
| 1731614
|
|
MediaError message property leaks information on cross-origin same-site pages
|
Core
|
DOM: Security
|
jewilde
|
RESO
|
FIXE
|
2024-05-30
|
| 1345045
|
|
Canvas composite operations and CSS blend modes leak cross-origin data via timing attacks
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2024-05-30
|
| 1440622
|
|
"Content-disposition: attachment" files opened in browser (not saved) can read other files in the temp directory
|
Core
|
DOM: Security
|
nobody
|
RESO
|
FIXE
|
2019-07-17
|
| 1465459
|
|
Spectre mitigations for CodeGenerator::visitTypedObjectElements
|
Core
|
JavaScript Engine: J
|
nobody
|
RESO
|
FIXE
|
2021-11-22
|
| 1578317
|
|
Leaking status code of a cross-origin resource by using an audio/video tag and MediaError's messages
|
Core
|
Audio/Video
|
padenot
|
RESO
|
DUPL
|
2024-05-30
|
| 1450853
|
|
MediaError message property leaks cross-origin response status
|
Core
|
DOM: Security
|
sstreich
|
RESO
|
FIXE
|
2024-05-30
|
| 1411716
|
|
TBE-01-014: JavaScript Execution via RSS in mailbox:// origin
|
MailNews Core
|
Feed Reader
|
alta88
|
RESO
|
FIXE
|
2020-02-16
|
| 1184310
|
|
Cross-origin data leakage through importScripts()
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
DUPL
|
2024-05-30
|
| 1528909
|
|
ImageBitmap drawn to canvases, does not affect taint
|
Core
|
Graphics: Canvas2D
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1208339
|
|
Cross-Origin restriction bypass with fetch using 302 redirection
|
Core
|
DOM: Core & HTML
|
ben
|
RESO
|
DUPL
|
2024-05-30
|
| 1212433
|
|
fetch() doesn't do a preflight when doing same-origin to cross-origin redirect
|
Core
|
DOM: Security
|
ben
|
RESO
|
FIXE
|
2015-11-10
|
| 1212669
|
|
released fetch() allows full access to body on credentialed cross-origin no-cors request redirected from same-origin to cross-origin URL
|
Core
|
DOM: Core & HTML
|
ben
|
RESO
|
FIXE
|
2019-03-13
|
| 1245724
|
|
NPAPI-initiated network requests can be intercepted by service workers breaking plugin origin expectations
|
Core
|
DOM: Service Workers
|
ben
|
RESO
|
FIXE
|
2024-05-30
|
| 1467852
|
|
same-origin bypass using service worker and redirects due to incorrect redirected synthesized taint handling
|
Core
|
DOM: Service Workers
|
ben
|
RESO
|
FIXE
|
2019-08-07
|
| 793121
|
|
nsLocation::CheckURL can use the wrong principal
|
Core
|
Security
|
bholley
|
RESO
|
FIXE
|
2013-01-10
|
| 161548
|
|
global history miscalculates hostname for javascript: urls
|
Core Graveyard
|
History: Global
|
bugzilla
|
RESO
|
WORK
|
2018-08-01
|
| 1582857
|
|
DOM methods called with cross-origin this object don't handle document.domain consideration correctly
|
Core
|
DOM: Bindings (WebID
|
bzbarsky
|
RESO
|
FIXE
|
2022-01-10
|
| 1278013
|
|
Same origin policy bypass in local document/Universal xss
|
Core
|
Networking: File
|
ckerschb
|
RESO
|
FIXE
|
2024-05-30
|
| 1353975
|
|
UXSS: Origin confusion when reloading isolated data:text/html URL
|
Core
|
DOM: Navigation
|
ckerschb
|
RESO
|
FIXE
|
2024-05-30
|
| 1246956
|
|
Stealing of URL cross-domain using performance.getEntries() after restore previous session
|
Firefox
|
Session Restore
|
dd.mozilla
|
RESO
|
FIXE
|
2024-05-30
|
| 1317641
|
|
http redirect to data: inherits principal (SVG image cookie setting; object XSS)
|
Core
|
Networking: HTTP
|
dd.mozilla
|
RESO
|
FIXE
|
2024-05-30
|
| 1319122
|
|
SVG-as-an-image sends requests for external files, if they're included in a data URI
|
Core
|
SVG
|
dholbert
|
RESO
|
FIXE
|
2024-05-30
|
| 230606
|
|
Tighten the same-origin policy for local files (file: URLs, trusted, security)
|
Core
|
Security: CAPS
|
dveditz
|
RESO
|
FIXE
|
2022-06-01
|
| 1164397
|
|
[e10s] SOP bypass with the service worker and 30x redirect
|
Core
|
DOM: Service Workers
|
ehsan.akhgari
|
RESO
|
FIXE
|
2024-05-30
|
| 1200856
|
|
CORS preflight cache poisoning with the credentials flag
|
Core
|
DOM: Core & HTML
|
ehsan.akhgari
|
RESO
|
FIXE
|
2019-03-13
|
| 1200869
|
|
CORS preflight cache poisoning with a CORS header being mistaken with another CORS header
|
Core
|
DOM: Core & HTML
|
ehsan.akhgari
|
RESO
|
FIXE
|
2019-03-13
|
| 1698503
|
|
Stop Alt-Svc connections to go to blocked ports, when they are written and parsed as exceeding 16 bit
|
Core
|
Networking
|
fbraun
|
RESO
|
FIXE
|
2021-11-22
|
| 1277583
|
|
A regression has made it possible to perform privilege escalation/local file disclosure in 47+ via feed: URIs
|
Core
|
Security: CAPS
|
gijskruitbosch+bugs
|
RESO
|
FIXE
|
2024-05-30
|
| 1653827
|
|
Rogue download handler can be injected by any web contents
|
Firefox for iOS
|
Browser
|
gkeeley
|
RESO
|
FIXE
|
2024-05-30
|
| 1380616
|
|
"Firefox Screenshots" functionality can be tricked into injecting trusted UI into an untrusted frame
|
Firefox
|
Screenshots
|
ianb
|
RESO
|
FIXE
|
2024-05-30
|
| 1317936
|
|
Fix cross-origin information leak from shared atoms
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2017-02-09
|
| 1173811
|
|
FetchEvent.respondWith() should propagate opaque tainting
|
Core
|
DOM: Service Workers
|
josh
|
RESO
|
FIXE
|
2015-11-10
|
| 304284
|
|
doc.location.href is URL of document currently loaded in doc's tab
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
RESO
|
FIXE
|
2019-03-13
|
| 1048535
|
|
Cross-origin info leak: [[get]] calls on global expose text (or CSV) sniffed as JS
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2024-05-30
|
| 1000337
|
|
Notification.get() returns notification of other applications in non-OOP
|
Core
|
General
|
lissyx+mozillians
|
RESO
|
FIXE
|
2015-08-30
|
| 1148328
|
|
Server certificate verification bypass with Alt-Svc
|
Core
|
Networking: HTTP
|
mcmanus
|
RESO
|
FIXE
|
2024-05-30
|
| 614151
|
|
setTimeout(close) closes a window the page isn't allowed to close
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
| 161546
|
|
javascript: urls from history window/sidebar run in context of current page
|
Core Graveyard
|
History: Global
|
nisheeth_mozilla
|
RESO
|
FIXE
|
2018-08-01
|
| 825869
|
|
window.opener BUG: XSS possible for <a target="_blank" href="data:…"> targets
|
Core
|
Security
|
nobody
|
RESO
|
INCO
|
2016-06-02
|
| 1184855
|
|
Fetch interception for XMLDocument.load() does not respect cross origin restrictions
|
Core
|
DOM: Service Workers
|
nobody
|
RESO
|
INVA
|
2016-06-04
|
| 1211020
|
|
FF is not Executing CORS Preflight for Cross Domain XHR POST if Content-Type includes text/plain (but is not actually text/plain)
|
Core
|
DOM: Security
|
nobody
|
RESO
|
DUPL
|
2024-05-30
|
| 1248487
|
|
User credentials leak and arbitrary local file read/leak due to same-origin-policy violation with plugins
|
Core Graveyard
|
Plug-ins
|
nobody
|
RESO
|
INCO
|
2024-05-30
|
| 1280339
|
|
Unprivileged content can open resource: URIs via PDF.js
|
Firefox
|
PDF Viewer
|
nobody
|
RESO
|
FIXE
|
2021-03-29
|
| 1352840
|
|
Cross-origin data theft using drag and drop from iframe.
|
Core
|
DOM: Copy & Paste an
|
nobody
|
RESO
|
FIXE
|
2024-05-30
|
| 1364132
|
|
navigator.sendBeacon sends proper cookies with Blob POST requests
|
Core
|
DOM: Security
|
nobody
|
RESO
|
DUPL
|
2024-05-30
|
| 1487965
|
|
Cross-Origin URL Steal is possible using performance.getEntries()
|
Core
|
DOM: Navigation
|
nobody
|
RESO
|
DUPL
|
2023-01-16
|
| 1497229
|
|
Cross-Origin URL Steal is possible using performance.getEntries() on Firefox for iOS
|
Firefox for iOS
|
General
|
nobody
|
RESO
|
FIXE
|
2023-12-02
|
| 1588928
|
|
Semi-Universal XSS by redirecting to javascript: links
|
Firefox for iOS
|
General
|
nobody
|
RESO
|
FIXE
|
2024-05-30
|
| 1654986
|
|
Javascript Scheme Hrefs in Child Frames Execute in Parent Origin on Download
|
Firefox for iOS
|
General
|
nobody
|
RESO
|
FIXE
|
2024-05-30
|
| 1701684
|
|
Universal XSS with pop-up prompts
|
Fenix
|
General
|
nobody
|
RESO
|
FIXE
|
2022-11-03
|
| 856042
|
|
It's possible to bypass security wrappers by using mozContact
|
Core
|
Security
|
reuben.morais
|
RESO
|
FIXE
|
2024-05-30
|
| 1719026
|
|
Mozilla Firefox Focus for Android - UXSS
|
Focus
|
General
|
s.kaspari
|
RESO
|
FIXE
|
2024-05-30
|
| 1648445
|
|
Backout - bypassCORSChecks
|
Core
|
Networking: HTTP
|
sstreich
|
RESO
|
DUPL
|
2023-05-22
|
| 1279787
|
|
Stealing cross origin DOM data with bypassing localhost navigation restriction
|
Firefox for iOS
|
General
|
thebnich+bmo
|
RESO
|
FIXE
|
2024-05-30
|
| 1254688
|
|
Resource Timing API is storing resources sent by the previous page.
|
Core
|
DOM: Core & HTML
|
valentin.gosu
|
RESO
|
FIXE
|
2019-03-13
|
| 1789128
|
|
A Variant of bug id 1487964: Cross-Origin URL Steal is possible using performance.getEntries()
|
Core
|
DOM: Performance
|
valentin.gosu
|
RESO
|
FIXE
|
2024-05-30
|
| 1647078
|
|
content:// provider allows websites to remotely steal any file from the device if the path is known
|
Firefox for Android
|
General
|
agi
|
VERI
|
FIXE
|
2024-05-30
|
| 1449898
|
|
Race condition in PDF Viewer allows circumventing same-origin policy for PDF files
|
Firefox
|
PDF Viewer
|
bdahl
|
VERI
|
FIXE
|
2024-05-30
|
| 1542194
|
|
CSP violation information contains URL of redirect started from client-side code
|
Core
|
DOM: Security
|
ckerschb
|
VERI
|
FIXE
|
2024-05-30
|
| 1468523
|
|
Stealing of URL cross-domain using performance.getEntries() once again, treat meta refresh channel as a redirect by setting result principal URL
|
Core
|
DOM: Navigation
|
dd.mozilla
|
VERI
|
FIXE
|
2024-05-30
|
| 1313711
|
|
Same-Origin-Policy violation via Text Track
|
Core
|
Audio/Video: Playbac
|
hchang.mozilla
|
VERI
|
FIXE
|
2018-05-24
|
| 1465160
|
|
javascript: URI is triggered when clicking 'view image' opening up old XSS vectors
|
Core
|
DOM: Security
|
jonathan
|
VERI
|
FIXE
|
2024-05-30
|
| 1312001
|
|
ASLR leak and cross-frame oracle via pointer scrambling in Map/Set
|
Core
|
JavaScript Engine
|
jorendorff
|
VERI
|
FIXE
|
2017-10-26
|
| 1559715
|
|
Cross-origin image stealing using SVG filters and canvas
|
Core
|
SVG
|
longsonr
|
VERI
|
FIXE
|
2024-05-30
|
| 1478843
|
|
Cross-origin audio leak in HLS
|
Firefox for Android
|
Audio/Video
|
padenot
|
VERI
|
FIXE
|
2024-05-30
|
| 1768537
|
|
CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
|
Core
|
DOM: Security
|
pbz
|
VERI
|
FIXE
|
2024-05-30
|
| 1487964
|
|
Cross-Origin URL Steal is possible using performance.getEntries()
|
Core
|
DOM: Navigation
|
valentin.gosu
|
VERI
|
FIXE
|
2024-05-30
|
| 1441153
|
|
Cross origin leak of resource size using media element
|
Core
|
Audio/Video: Playbac
|
chris
|
VERI
|
FIXE
|
2022-03-29
|
| 59208
|
|
Can enumerate properties of a window in another domain
|
Core
|
Security: CAPS
|
security-bugs
|
VERI
|
FIXE
|
2013-06-09
|
| 1560495
|
|
[Navigation Timing] unload event test failures
|
Core
|
DOM: Core & HTML
|
whawkins
|
VERI
|
FIXE
|
2020-06-05
|
| 1160890
|
|
Cross-origin information disclosure with error message of Web Workers importScripts()
|
Core
|
DOM: Workers
|
amarchesini
|
VERI
|
FIXE
|
2024-05-30
|
| 1526218
|
|
Tainted canvases can be rendered in a bitmap context
|
Core
|
Graphics: Canvas2D
|
amarchesini
|
VERI
|
FIXE
|
2024-05-30
|
| 1540221
|
|
Security: Cross-origin theft of images in fillText and CanvasPattern
|
Core
|
Graphics: Canvas2D
|
amarchesini
|
VERI
|
FIXE
|
2024-05-30
|
| 1739934
|
|
social-engineered XSS on default search provider via javascript:alert(1) URL which is SENT from another app
|
Fenix
|
General
|
amejiamarmol
|
VERI
|
FIXE
|
2024-05-30
|
| 1683940
|
|
Cross-origin information leakage via redirected PDF requests
|
Firefox
|
PDF Viewer
|
bdahl
|
VERI
|
FIXE
|
2021-04-04
|
| 789713
|
|
Assertion failure: wrapper->isWrapper() setting domain
|
Core
|
JavaScript Engine
|
bholley
|
VERI
|
FIXE
|
2013-01-10
|
| 801305
|
|
nsLocation::CheckURL still can use the wrong principal
|
Core
|
Security
|
bholley
|
VERI
|
FIXE
|
2013-04-08
|
| 1210302
|
|
CORS does a simple instead of preflighted request for POST with non-standard Content-Type header
|
Core
|
DOM: Security
|
ehsan.akhgari
|
VERI
|
FIXE
|
2024-05-30
|
| 799952
|
|
Cross domain access to the location object
|
Core
|
DOM: Core & HTML
|
ejpbruel
|
VERI
|
FIXE
|
2024-05-30
|
| 1356893
|
|
Firefox for Android allows navigating from http: to file: URLs
|
Firefox for Android
|
General
|
esawin
|
VERI
|
FIXE
|
2024-05-30
|
| 1442840
|
|
Iframe injection & content spoofing & scripts execution via json viewer
|
DevTools
|
JSON Viewer
|
gijskruitbosch+bugs
|
VERI
|
FIXE
|
2024-05-30
|
| 246448
|
|
can spoof framed sites by changing frame contents
|
Core
|
Security
|
jstenback+bmo
|
VERI
|
FIXE
|
2013-06-09
|
| 1735923
|
|
Leaking size of cross-origin resources by using Range Requests and Service Workers
|
Core
|
Audio/Video: Playbac
|
karlt
|
VERI
|
FIXE
|
2024-05-30
|
| 1642028
|
|
drawImage timing depends on alpha-channel value, allowing to read cross-origin images
|
Core
|
Graphics: Canvas2D
|
lsalzman
|
VERI
|
FIXE
|
2024-05-30
|
| 1336622
|
|
Pixelstealing and history-stealing through floating-point timing side channel with SVG filters.
|
Core
|
SVG
|
mstange.moz
|
VERI
|
FIXE
|
2020-10-07
|
| 1744352
|
|
Sandboxed iFrame XSS - javascript URI's run with target _blank
|
Core
|
DOM: Core & HTML
|
nika
|
VERI
|
FIXE
|
2024-05-30
|
| 1408708
|
|
Developer tool's traffic routes through service worker
|
DevTools
|
General
|
poirot.alex
|
VERI
|
FIXE
|
2024-05-30
|
| 1736886
|
|
uxss on qrcode code reader (mozilla android version: 93.2.0 (Build #2015839747))
|
Fenix
|
General
|
royang
|
VERI
|
FIXE
|
2024-05-30
|
| 1730120
|
|
UXSS: location.origin is changed (port/host)
|
Core
|
DOM: Navigation
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1645204
|
|
bypassCORSChecks is not cleared after a redirect
|
Core
|
Networking: HTTP
|
sstreich
|
VERI
|
FIXE
|
2021-04-07
|